If you're strictly thinking of security, you may want to separate this
out into one or more specific operations.

One might be a "quiesce client", so that the client will stop using a
samba service and disconnect safely. It can then reconnect to the same
or a different service, under different ground-rules. That will work for
misconfigurations, brain-dead clients and the like.

A second one might be "kick quiesced client entirely off", for
recovering from wedged clients, bugs and the like. It would only apply
after one did what one could to quiesce the user.

In the scurity space, a possible third is "apply new restriction", which
would succeed if the client was not currently using the thing
restricted, and fail if not. On failure, you might then need to quiesce
them so that they disconnected and thereafter could only connect with
the restriction in place. That's less dangerous that an unconditional
disconnect.

Or, you could simply say "restrictions come into play on open/connect",
and not have to do anything with the client.
The latter won't pass orange-book requirements, but it's not
unreasonable so long as one does have a "kill" in one's back pocket to
deal with really evil cases.

--dave
[Multics AIM under the Orange Book had a "apply MAC change right now"
functionality that could utterly mess up a process that was losing
privilege. It was one of the few cases I know of where a sysadmin could
really do something harmful]

That's a good enhancement (make the command trigger a
break first). However this is a "be careful what you
wish for" command - people have been asking for a
way to forcibly disconnect a specific client for
quite a long time.

Maybe it should be renamed "smbcontrol force-disconnect-client"
or "smbcontrol disconnect-client-with-extreme-prejudice"
command ?

:-).

Jeremy.